This seems to make sense. ok todd@. Please get at least one other ok though.
Penned by Brad Smith on 20140118 20:57.26, we have:
| On Thu, Jan 09, 2014 at 03:55:44PM -0500, Brad Smith wrote:
| > The default PF ruleset as setup by rc is too restrictive. Have the default
| > ruleset allow for DHCPv6.
|
| Anyone?
|
| > Index: rc
| > ===================================================================
| > RCS file: /home/cvs/src/etc/rc,v
| > retrieving revision 1.419
| > diff -u -p -u -p -r1.419 rc
| > --- rc 3 Jan 2014 23:24:19 -0000 1.419
| > +++ rc 9 Jan 2014 20:47:07 -0000
| > @@ -330,6 +330,8 @@ if [ X"${pf}" != X"NO" ]; then
| > RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type
neighbradv"
| > RULES="$RULES\npass out inet6 proto icmp6 all icmp6-type
routersol"
| > RULES="$RULES\npass in inet6 proto icmp6 all icmp6-type
routeradv"
| > + RULES="$RULES\npass out inet6 proto udp from any port
dhcpv6-client to any port dhcpv6-server"
| > + RULES="$RULES\npass in inet6 proto udp from any port
dhcpv6-server to any port dhcpv6-client"
| > fi
| > RULES="$RULES\npass proto carp keep state (no-sync)"
| > case `sysctl vfs.mounts.nfs 2>/dev/null` in
| >
| > --
| > This message has been scanned for viruses and
| > dangerous content by MailScanner, and is
| > believed to be clean.
| >
|
| --
| This message has been scanned for viruses and
| dangerous content by MailScanner, and is
| believed to be clean.
--
Todd Fries .. [email protected]
____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113-2169 \ sip:[email protected]
| "..in support of free software solutions." \ sip:[email protected]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
